
📄 traffic-classify

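#!/usr/bin/perl -w
#
# Copyright (C) 2001 by USC/ISI
# All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that the above copyright notice and this paragraph are
# duplicated in all such forms and that any documentation, advertising
# materials, and other materials related to such distribution and use
# acknowledge that the software was developed by the University of
# Southern California, Information Sciences Institute.  The name of the
# University may not be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# A Perl script that takes a tcpdump trace as input and outputs
# statistics (total number of packets and total size) for each type of
# traffic.
#
# This work is supported by DARPA through SAMAN Project
# (http://www.isi.edu/saman/), administered by the Space and Naval
# Warfare System Center San Diego under Contract No. N66001-00-C-8066
#
# Input: one packet per line, split on '.', ':' and ' '.  Judging by the
# field positions the script reads, a line is expected to look like this
# (constructed sample):
#
#     981234567.123456 10.0.0.1.80 > 10.0.0.2.1234: tcp 512
#
# Output: a header line, then one line per traffic class with the packet
# count, the packet share, the byte count and the byte share.  The header
# says "%", but the shares are printed as fractions of 1.
#
# Caveats for anyone using these numbers:
#   * Classification is by port number only and a class matches when
#     EITHER the source or the destination port equals one of its ports.
#     Services on non-standard ports and tunnelled traffic are counted
#     under the wrong class, and a client that happens to pick e.g. 6000
#     or 8080 as its ephemeral port is counted as X11 or WEBCACHE.
#   * Packets are counted for every line that has both ports; bytes are
#     counted only for tcp/udp lines whose size is below 1500.  The two
#     columns therefore do not describe exactly the same set of packets.
#   * AUTH and REALAUDIO are tallied (so they are kept out of OTHER and
#     are part of the totals) but have no line in the report, so the
#     printed shares need not add up to 1.
#   * The diamond operator opens each command-line argument with
#     two-argument open semantics, so an argument ending in '|' is run as
#     a command.  Feed the trace on stdin when file names are not under
#     your control.

use strict;
use warnings;

# Ports of each traffic class, kept as strings because the comparison is
# a string comparison (a port printed as "080" does not match "80").
my %PORTS_OF = (
    HTTP        => [ '80', '443' ],
    SSH         => [ '22' ],
    SQUID       => [ '3128' ],
    DATAMETRICS => [ '1645' ],    # 1645 is also the legacy RADIUS port
    PHONEBOOK   => [ '767' ],
    X11         => [ '6000' ],
    TELNET      => [ '23' ],
    WEBCACHE    => [ '8080' ],
    CVS         => [ '2401' ],
    DNS         => [ '53' ],
    NTP         => [ '123' ],
    H323        => [ '1719', '1720', '1718' ],
    POP3        => [ '110' ],
    TIME        => [ '37' ],
    NNTP        => [ '119' ],
    FTP         => [ '21', '20' ],
    SMTP        => [ '25' ],
    SNMP        => [ '161' ],
    GOPHER      => [ '70' ],
    # NOTE(review): IANA lists auth/ident on 113 and systat on 11; the
    # value is kept from the original, confirm which one was intended.
    AUTH        => [ '11' ],
    RTSP        => [ '554' ],
    BGP         => [ '179' ],
    SYSLOG      => [ '514' ],
    REALAUDIO   => [ '6970' ],
);

# The first matching class wins.  The byte tally and the packet tally use
# different precedence orders, so a packet whose two ports belong to two
# different classes (say 22 and 53) can add its bytes to one class and
# its packet count to another.  Both orders are kept as they were.
my @BYTE_ORDER = qw(
    HTTP SSH SQUID DATAMETRICS PHONEBOOK X11 TELNET WEBCACHE CVS DNS NTP
    H323 POP3 TIME NNTP FTP SMTP SNMP GOPHER AUTH RTSP BGP SYSLOG
    REALAUDIO
);
my @PACKET_ORDER = qw(
    HTTP DNS WEBCACHE SSH PHONEBOOK X11 SNMP GOPHER AUTH RTSP BGP SYSLOG
    DATAMETRICS SQUID CVS TELNET NTP POP3 TIME NNTP FTP SMTP H323
    REALAUDIO
);

# Classes that get a line in the report, in output order.
my @REPORT_ORDER = qw(
    HTTP NNTP NTP DNS SMTP FTP SNMP GOPHER RTSP SYSLOG BGP WEBCACHE POP3
    DATAMETRICS TIME SSH SQUID TELNET CVS H323 PHONEBOOK X11 OTHER
);

my %packets_of = map { $_ => 0 } keys(%PORTS_OF), 'OTHER';
my %bytes_of   = map { $_ => 0 } keys(%PORTS_OF), 'OTHER';
my $total_packets = 0;
my $total_bytes   = 0;

# Return the first class in @$order that owns either port, else 'OTHER'.
sub classify {
    my ($src_port, $dst_port, $order) = @_;

    for my $class (@{$order}) {
        for my $port (@{ $PORTS_OF{$class} }) {
            return $class if $src_port eq $port || $dst_port eq $port;
        }
    }
    return 'OTHER';
}

# Return $part / $whole, or 0 when $whole is 0.  An empty trace, or one
# without any tcp/udp line, used to end in "Illegal division by zero"
# before a single report line was printed.
sub share {
    my ($part, $whole) = @_;

    return 0 if $whole == 0;
    return $part / $whole;
}

while (my $line = <>) {
    # A limit of 17 reproduces the implicit limit of the original
    # sixteen-variable list assignment, so empty trailing fields stay
    # defined exactly as before.
    my ($src_port, $dst_port, $proto, $size)
        = (split /[.: ]/, $line, 17)[6, 12, 14, 15];

    # Byte tally: tcp/udp only, and only sizes below 1500 (presumably a
    # guard against implausible sizes; confirm).
    if (   defined $proto
        && defined $size
        && ($proto eq 'udp' || $proto eq 'tcp')
        && defined $src_port
        && defined $dst_port
        && $size < 1500)
    {
        $bytes_of{ classify($src_port, $dst_port, \@BYTE_ORDER) } += $size;
        $total_bytes += $size;
    }

    # Packet tally: every line that carries both ports, any protocol.
    if (defined $src_port && defined $dst_port) {
        $packets_of{ classify($src_port, $dst_port, \@PACKET_ORDER) } += 1;
        $total_packets += 1;
    }
}

print "[PROTO]  [# of PKT]  [% of TOTAL PKT]  [SIZE]  [% of TOTAL SIZE]\n";
for my $class (@REPORT_ORDER) {
    my $packet_share = share($packets_of{$class}, $total_packets);
    my $byte_share   = share($bytes_of{$class},   $total_bytes);
    print "$class $packets_of{$class} $packet_share $bytes_of{$class} $byte_share\n";
}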
